Skip to content

issue new refresh token every call to refresh access token #712

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
barneag opened this issue May 1, 2022 · 5 comments
Closed

issue new refresh token every call to refresh access token #712

barneag opened this issue May 1, 2022 · 5 comments
Assignees
@sjohnr
Labels
status: invalid An issue that we don't feel is valid

Comments

@barneag
Copy link

barneag commented May 1, 2022

Today Refresh token has a fixed time of expiration by default.
It would be nice to create mechanism for new expiration for refresh token,
every time we refresh access token.
thanks!
@barneag barneag added the type: enhancement A general enhancement label May 1, 2022
@barneag barneag changed the title new expiration for refresh token every time we refresh access token issue new refresh token every call to refresh access token May 1, 2022
@sjohnr sjohnr self-assigned this May 5, 2022
@sjohnr
Copy link
Member

sjohnr commented May 5, 2022

Hi @barneag, thanks for reaching out!

Have you seen TokenSettings.Builder.reuseRefreshTokens(boolean) and TokenSettings.Builder.refreshTokenTimeToLive(Duration)? With these two settings, you can specify a rotating refresh token that obtains a fresh expiration time of your choosing upon each use.

I believe it would not be best practice to simply extend the existing refresh token's lifetime (though again you can set a long lifetime if needed). See gh-297 for an example, which summarizes best practices for SPAs and the use of refresh tokens.

Do you have any additional thoughts on this?

@sjohnr sjohnr added the status: waiting-for-feedback We need additional information before we can continue label May 5, 2022
@spring-projects-issues
Copy link
Collaborator

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

@spring-projects-issues spring-projects-issues added the status: feedback-reminder We've sent a reminder that we need additional information before we can continue label May 12, 2022
@sjohnr
Copy link
Member

sjohnr commented May 17, 2022

@barneag just wanted to make sure you saw my above comment?

@spring-projects-issues
Copy link
Collaborator

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.

@spring-projects-issues spring-projects-issues removed status: waiting-for-feedback We need additional information before we can continue status: feedback-reminder We've sent a reminder that we need additional information before we can continue labels May 19, 2022
@sjohnr sjohnr added status: invalid An issue that we don't feel is valid and removed type: enhancement A general enhancement labels May 19, 2022
@barneag
Copy link
Author

barneag commented May 25, 2022

Hey @sjohnr
Thanks for the answer! just noticed thanks to you that we have the option to reuse the refresh token!
We will consider the 2 options, thanks again!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sjohnr sjohnr

Labels
status: invalid An issue that we don't feel is valid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sjohnr @spring-projects-issues @barneag